
Principles of Network Administration
Administering a Secure Network
Introduction

Securing the network is an important step in thwarting potential cyber attacks. Installing software and hardware alone is not enough to keep your network secure: you also need appropriate configuration and proper maintenance. This is an ongoing process, and the principles it follows are described below.
Rules based management

• Rules-based management is also known as whitelist security management. Whenever an activity or security event does not match a rule, it is denied by default. Whitelist security management tools are used to block zero-day attacks.
• Management of rules is an important concept for controlling network communication. It is a filter-driven approach in which traffic is controlled by rules. Routers, proxies, IDS/IPS, firewalls and antivirus software are some of the common tools used in rule-based security management. These tools are designed to either allow or deny data packets on the basis of the configured rules. When a data packet does not match any rule, it is denied by default.
Firewall Rules

A firewall follows a first-match rule system: rules are checked in order and the first matching rule is applied. The final rule is, by default, a deny. The principle is that if a data packet is not explicitly allowed or denied by any other rule, the firewall blocks it by default. This is a good example of whitelist security management, with separate rule sets for inbound data (packets coming in) and outbound data (packets going out), depending on the firewall type, such as a stateful inspection firewall. It is important to review each rule carefully before implementing it on the firewall, to avoid blocking useful data packets and creating possible loopholes.
VLAN Management

• A VLAN is a hardware implementation that segregates the LAN with the help of switches. VLANs are used primarily to control traffic for better performance and security, and to isolate traffic within a network segment. Communication between certain VLANs can be prevented by not defining a route between them, or by placing a filter between the VLANs. A VLAN should be designed to allow necessary data packets while denying unnecessary ones.
Secure the router configuration

Securing the router configuration is essential to prevent unauthorized or malicious changes to the router. This can be done by following the configuration steps below:
• Always use a unique, secret password for router access.
• Configure the router to deny all ICMP (Internet Control Message Protocol) type 5 redirect messages.
• Use data encryption and secure authentication protocols to protect the router.
• Configure the IP addresses of the trusted networks with which, and through which, data packets will be exchanged.
• Make management interfaces reachable only from internal interfaces, and only over secure protocols.
Access Control List

• An ACL defines whether a subject can access a resource or be allowed to carry out a particular function. It applies mostly to access to objects but can be extended to communication as well. ACLs are mostly used in firewalls, switches and routers as a security management measure. ACL rules are known as “filters” or “ACL rules”; data packets are allowed as an exception and denied by default.
Port Security

Port security refers to the security controls applied to switch ports. It enables administrators to configure individual switch ports so that only specific sources are allowed access, which prevents unauthorized access through open ports. Unused ports are disabled, and the wiring closets and server vaults that house them are locked. Finally, an unused port can be physically disconnected from the workstation by unplugging it at the patch panel.
Flood guards

• This mechanism is used to thwart large-scale DDoS attacks. Its primary purpose is to identify malicious activity and block it automatically, preventing attackers from entering the network.
Loop Protection

• A repeating transmission path in the network is known as a loop. It consumes network resources, particularly throughput capacity, and usually occurs at layer 2 (Ethernet) or layer 3 (IP). Loops at the Ethernet level can be overcome with the Spanning Tree Protocol (STP), which works at the bridge and switch level. STP learns the available paths and manages traffic so that only one active path is used.
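As an added example, not from the original notes, the following Python models in simplified form what STP does on the switch topology just described: the switches, bridge IDs and link costs are constructed for illustration, the lowest bridge ID becomes root, and the non-designated end of each redundant link is blocked so that one loop-free path remains.

```python
import heapq
from typing import Dict, List, Set, Tuple

Link = Tuple[str, str, int]

# Constructed topology (not from the notes): four switches and five links, so
# the physical graph contains two loops. Bridge IDs are plain integers here;
# as in 802.1D, the lowest one becomes the root bridge.
BRIDGE_ID: Dict[str, int] = {"S1": 4097, "S2": 32770, "S3": 32771, "S4": 32772}
LINKS: List[Link] = [("S1", "S2", 4), ("S2", "S3", 4), ("S1", "S3", 19),
                     ("S3", "S4", 4), ("S2", "S4", 19)]

def spanning_tree(bridge_id: Dict[str, int], links: List[Link]):
    """Simplified STP: elect the root, give every bridge its cheapest path to
    the root (ties broken by the upstream bridge ID) and block the
    non-designated end of every link left out of that tree. Returns
    (root, root_path_cost, blocked_ports); a blocked port is (bridge, neighbour)."""
    nbrs: Dict[str, List[Tuple[str, int]]] = {b: [] for b in bridge_id}
    for a, b, c in links:
        nbrs[a].append((b, c))
        nbrs[b].append((a, c))
    root = min(bridge_id, key=bridge_id.get)
    cost: Dict[str, int] = {}
    upstream: Dict[str, str] = {}
    heap = [(0, bridge_id[root], root, root)]
    while heap:                           # Dijkstra from the root bridge
        c, _, node, via = heapq.heappop(heap)
        if node in cost:
            continue                      # already settled with a better (cost, id)
        cost[node], upstream[node] = c, via
        for nxt, lc in nbrs[node]:
            if nxt not in cost:
                heapq.heappush(heap, (c + lc, bridge_id[node], nxt, node))
    tree = {frozenset((n, up)) for n, up in upstream.items() if n != root}
    blocked: Set[Tuple[str, str]] = set()
    for a, b, _ in links:
        if frozenset((a, b)) in tree:
            continue                      # root port / designated port: forwarding
        # On a redundant link the designated bridge is the one with the lower
        # (root path cost, bridge ID); the other bridge puts its port in blocking.
        designated = min(a, b, key=lambda x: (cost[x], bridge_id[x]))
        other = b if designated == a else a
        blocked.add((other, designated))
    return root, cost, blocked

if __name__ == "__main__":
    root, cost, blocked = spanning_tree(BRIDGE_ID, LINKS)
    print("root:", root, "path costs:", cost, "blocked ports:", sorted(blocked))
```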
Implicit Deny

• Another important security measure is “implicit deny.” As the name suggests, access is denied by default and granted only where explicitly specified. The default deny does not need to be written down; it is implicit in the permission set. The difference from firewalls is that there the routers and firewalls carry an explicit “deny all” as the last rule. The default response is an implicit deny only in the absence of any explicit allow or deny.
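The first-match, default-deny behaviour described under Firewall Rules, Access Control List and Implicit Deny, as an added Python example that is not part of the original notes. The packet fields, rule format and addresses are constructed for illustration; the only unwritten rule is the implicit deny that applies once the ordered list is exhausted.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Constructed packet and rule model (not from the notes). A rule matches on
# direction, protocol, source network and, optionally, destination port.
@dataclass(frozen=True)
class Packet:
    direction: str          # "in" or "out"
    proto: str              # "tcp" or "udp"
    src: str                # source IP address
    dport: int              # destination port

@dataclass(frozen=True)
class Rule:
    action: str             # "allow" or "deny"
    direction: str
    proto: str
    src_net: str            # CIDR, e.g. "10.0.0.0/8"
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return (self.direction == p.direction and self.proto == p.proto
                and ip_address(p.src) in ip_network(self.src_net)
                and (self.dport is None or self.dport == p.dport))

def evaluate(rules: List[Rule], p: Packet) -> Tuple[str, str]:
    """Walk the ordered list and apply the first matching rule. If the list is
    exhausted, the answer is the implicit deny: no rule is written for it."""
    for n, r in enumerate(rules, 1):
        if r.matches(p):
            return r.action, f"rule {n}"
    return "deny", "implicit deny"

# Constructed allow-list: block a known-bad network first, then allow SSH from
# the internal range and HTTPS from anywhere inbound, and DNS outbound.
RULES = [
    Rule("deny",  "in",  "tcp", "203.0.113.0/24"),
    Rule("allow", "in",  "tcp", "10.0.0.0/8", 22),
    Rule("allow", "in",  "tcp", "0.0.0.0/0", 443),
    Rule("allow", "out", "udp", "10.0.0.0/8", 53),
]

if __name__ == "__main__":
    for pkt in (Packet("in", "tcp", "10.1.2.3", 22),
                Packet("in", "tcp", "203.0.113.9", 443),
                Packet("in", "tcp", "198.51.100.7", 22)):
        print(pkt, "->", evaluate(RULES, pkt))
```

Reordering the list changes the outcome: with the HTTPS allow placed above the explicit deny, the known-bad network is allowed, which is the kind of loophole the Firewall Rules section says to review for.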
Network Separation

• Network separation can be achieved in two ways: by implementing IP subnets and routing between them, or by physically creating two separate networks that do not need to communicate. It can also be achieved with firewalls, through secure filtering and traffic management.
Log Analysis

• This process reviews log files, audit trails and other records generated by computers to identify policy violations, malicious events, downtime and related issues. It should be done at regular intervals in the active network environment. Log analysis is sometimes performed automatically by engines such as an IPS or IDS. Periodic manual log analysis is also essential, alongside the automated kind, to understand patterns and to set the thresholds used by automated analysis.
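An added Python example, not from the original notes, of the automated side of log analysis: it parses a few constructed firewall log lines in a format assumed for this example and applies two checks the section mentions, repeated denies from one source and a policy violation. The admin subnet, admin ports and deny threshold are constructed values of the kind the manual review described above would tune.

```python
import re
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample lines in a log format assumed for this example:
# timestamp, device, action, protocol, src:port -> dst:port.
LOG = """\
2024-03-01T02:14:05Z fw1 DENY tcp 203.0.113.9:51234 -> 10.0.0.5:22
2024-03-01T02:14:06Z fw1 DENY tcp 203.0.113.9:51235 -> 10.0.0.5:23
2024-03-01T02:14:06Z fw1 DENY tcp 203.0.113.9:51236 -> 10.0.0.5:3389
2024-03-01T02:14:07Z fw1 DENY tcp 203.0.113.9:51237 -> 10.0.0.5:445
2024-03-01T02:15:00Z fw1 ALLOW tcp 10.1.2.3:40000 -> 10.0.0.5:22
2024-03-01T02:16:30Z fw1 ALLOW tcp 198.51.100.7:40001 -> 10.0.0.5:22
2024-03-01T09:00:00Z fw1 ALLOW tcp 10.1.2.4:40002 -> 10.0.0.9:443
""".splitlines()

LINE = re.compile(r"^(\S+) (\S+) (ALLOW|DENY) (\w+) ([\d.]+):(\d+) -> ([\d.]+):(\d+)$")

def parse(line):
    """Return a record dict for a well-formed line, or None for anything else."""
    m = LINE.match(line)
    if not m:
        return None
    ts, dev, action, proto, src, _sport, dst, dport = m.groups()
    return {"ts": ts, "dev": dev, "action": action, "proto": proto,
            "src": src, "dst": dst, "dport": int(dport)}

def analyse(lines, admin_net="10.0.0.0/8", admin_ports=(22, 3389), deny_threshold=3):
    """Two checks: (1) a source denied at least deny_threshold times, the
    pattern a port scan leaves behind; (2) a policy violation, an allowed
    connection to an admin port from outside admin_net. Defaults are constructed."""
    denies = Counter()
    ports = defaultdict(set)
    findings = []
    for rec in filter(None, map(parse, lines)):
        if rec["action"] == "DENY":
            denies[rec["src"]] += 1
            ports[rec["src"]].add(rec["dport"])
        elif rec["dport"] in admin_ports and ip_address(rec["src"]) not in ip_network(admin_net):
            findings.append(("policy_violation", rec["src"], rec["ts"]))
    for src, n in denies.items():
        if n >= deny_threshold:
            findings.append(("scan_suspected", src, sorted(ports[src])))
    return findings

if __name__ == "__main__":
    for finding in analyse(LOG):
        print(*finding)
```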
Unified Threat Management

• Unified threat management (UTM) is also known as an “all in one security appliance.” It is hardware designed specifically to sit between the Internet and the private network. UTM filters the inbound and outbound traffic entering or leaving the network. It acts as a firewall, IPS, IDS, DDoS protection, virus scanner, spam and web filter, and activity tracker. Several UTM tools also work on the server side to maintain web applications and provide wireless security features.
• Unified threat management is mainly a cost-saving option for smaller companies. For bigger companies it is not an optimal choice, as it suffers from less specialization, a single point of failure and possible performance constraints (although it is still better than traditional appliances in that it provides multiple security functions within a single system). Bigger companies can afford better options.
